Vulnerability CVE-2014-7819

Vulnerability Name:

CVE-2014-7819 (CCN-98413)

Assigned:

2014-10-30

Published:

2014-10-30

Updated:

2023-02-13

Summary:

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2014-7819

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: oss-security Mailing List, Thu, 30 Oct 2014 11:52:56 -0700
Arbitrary file existence disclosure in Sprockets (CVE-2014-7819)

Source: CCN
Type: oss-security Mailing List, Thu, 30 Oct 2014 13:29:05 -0700
[AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets

Source: CCN
Type: BID-70858
RubyGems Sprockets CVE-2014-7819 Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
sprockets-cve20147819-info-disclosure(98413)

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-7819

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:sprockets_project:sprockets:2.11.0:*:*:*:*:*:*:*

OR cpe:/a:sprockets_project:sprockets:2.12.2:*:*:*:*:*:*:*

OR cpe:/a:sprockets_project:sprockets:2.12.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:55267	P	Security update for samba (Important)	2021-11-16
oval:org.opensuse.security:def:55950	P	Security update for openssl (Low)	2021-09-20
oval:org.opensuse.security:def:26127	P	Security update for postgresql12 (Moderate)	2021-09-16
oval:org.opensuse.security:def:26116	P	Security update for apache2 (Important)	2021-09-02
oval:org.opensuse.security:def:26115	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:20147819	V	CVE-2014-7819	2021-08-15
oval:org.opensuse.security:def:36566	P	rubygem-sprockets-2_2-2.2.1-0.7.11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26191	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:55784	P	Security update for spice (Important)	2020-12-16
oval:org.opensuse.security:def:55127	P	Security update for openssl (Important)	2020-12-11
oval:org.opensuse.security:def:55678	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:27564	P	rubygem-sprockets-2_2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26833	P	tgt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26319	P	Security update for kde-cli-tools5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:55104	P	facter on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26891	P	evolution-data-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56343	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:26457	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:56509	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26692	P	evince on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55505	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:56628	P	Security update for libICE (Moderate)	2020-12-01
oval:org.opensuse.security:def:26794	P	openvpn on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26847	P	yast2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56235	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26400	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:55105	P	fetchmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27529	P	osc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56435	P	Security update for libplist (Moderate)	2020-12-01
oval:org.opensuse.security:def:26541	P	evince on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56547	P	Security update for nautilus (Low)	2020-12-01
oval:org.opensuse.security:def:26745	P	libexiv2-4 on GA media (Moderate)	2020-12-01
oval:com.ubuntu.bionic:def:201478190000000	V	CVE-2014-7819 on Ubuntu 18.04 LTS (bionic) - low.	2014-11-08
oval:com.ubuntu.artful:def:20147819000	V	CVE-2014-7819 on Ubuntu 17.10 (artful) - low.	2014-11-08
oval:com.ubuntu.xenial:def:20147819000	V	CVE-2014-7819 on Ubuntu 16.04 LTS (xenial) - low.	2014-11-08
oval:com.ubuntu.xenial:def:201478190000000	V	CVE-2014-7819 on Ubuntu 16.04 LTS (xenial) - low.	2014-11-08
oval:com.ubuntu.bionic:def:20147819000	V	CVE-2014-7819 on Ubuntu 18.04 LTS (bionic) - low.	2014-11-08
oval:com.ubuntu.disco:def:201478190000000	V	CVE-2014-7819 on Ubuntu 19.04 (disco) - low.	2014-11-08
oval:com.ubuntu.cosmic:def:20147819000	V	CVE-2014-7819 on Ubuntu 18.10 (cosmic) - low.	2014-11-08
oval:com.ubuntu.cosmic:def:201478190000000	V	CVE-2014-7819 on Ubuntu 18.10 (cosmic) - low.	2014-11-08
oval:com.ubuntu.trusty:def:20147819000	V	CVE-2014-7819 on Ubuntu 14.04 LTS (trusty) - low.	2014-11-08

BACK